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REMARKS 

Applicants hereby reply to the Office Action dated April 28, 2005 within the shortened 
two month period for reply, so Applicants request an Advisory Action, if necessary. Claims 1-41 
were pending in the application and the Examiner rejects claims 1-41. Support for the 
amendments maybe found in the originally-filed specification, claims, and figures. No new 
matter has been introduced by these amendments- Reconsideration of this application is 
respectfully requested. 
REJECTIONS UNDER 35 U.S.C. § 1 12, f 1 

Claims 35-37 stand rejected as indefinite under 35 U.S.C. § 1 12, first paragraph, as 
failing to comply with the enablement requirement. Specifically, the Examiner asserts that the 
Applicants' argument stating that the Specification supports a signed challenge string and a 
digital certificate "contradicts the clear teaching of paragraph 54, where Applicant equates the 
two, or at least requires one be an instance of the other (A signed challenge string (e.g., digital 
certificate" (page 4 S paragraph 1) Applicants respectfully traverse this rejection. 

Applicants maintain that the specification clearly enables the digital certificate and the 
signed challenge string as two separate entities. For example, paragraph 14 states that the 
"challenge string is signed and transmitted with the digital certificate" (emphasis added). 
Further, paragraph 38 states that "the communication device 10 is configured with software to 
enable the smart card reader 12 to read the smart card 14 data and to communicate a signed 
challenge string and digital certificate to the host system 300". Moreover, paragraph 39 stales 
that "[T]he host system sends the user a challenge string (e.g., code with time-stamped feature) 
to the user 1 . When the user 1 enters his or her PIN number the digital certificate is accessed, the 
challenge string is signed and returned, along with the digital certificate, to the host system 300" 
(emphasis added). 

In the alternative embodiment described in paragraph 54, in which the merchant system is 
configured to maintain active control during authentication, a digital certificate is described as 
but one example of authentication or a signed challenge string. Paragraph 54 does not require 
that the signed challenge string and digital certificate be one and the same. However, to expedite 
prosecution of this application, Applicants amend paragraph 54 to clarify that the disclosure of 
the digital certificate and signed challenge string as individual and unique elements is enabling. 
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The Examiner further states that the "specification is also silent regarding some sort of 
comparison." However, paragraph 57 clearly states that the "user may thus be authenticated by 
comparing the digital certificate to the signed challenged string or by comparing either the digital 
certificate or the signed challenged string to a third data set stored in the user and/or account 
information database tables" (emphasis added). Thus, in light of the arguments presented as well 
as the amendment and support found in the specification, claim 35 is sufficiently definite and 
Applicants request withdrawal of the rejection of theses claims. 

Applicants assert that dependent claims 36 and 37, which depend from independent claim 
35, are allowable for at least the same reasons as set forth above regarding independent claim 35. 
REJECTIONS UNDER 35 U.S.C. § 112, K 2 

Claims 18-26 and 35-37 stand rejected as indefinite under 35 U.S.C. § 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which the applicants regard as the invention. Specifically, the Examiner asserts that 
claims 18, 23 and 35 recite communication over "an authenticated communication channel." 
The Examiner states, "To one of ordinary skill, this is an indication that steps were taken to 
authenticate the channel. However, the preceding limitations are silent regarding such actions." 
(page4,6.a). Applicants respectfully traverse this rejection. 

Applicants maintain that one of ordinary skill would recognize that there are a number of 
methods and architectures for creating an "authenticated channel", and the inclusion of the 
authenticated channel in the claims leaves it to those of ordinary skill to select a method of 
creating the authenticated channel. For example, dependent claims 19 and 20, disclose two 
specific methods for authenticating a channel. However, any method used to create an 
authenticated channel may be employed by one of ordinary skill. However, to expedite 
prosecution of this application, Applicants amend claims 18 and 35 for clarification. In light of 
the argument presented as well as the amendments and support found in the specification, claims 
18, 23 and 35 are sufficiently definite and Applicants request withdrawal of the rejection of 
theses claims. 

Applicants assert that dependent claims 19-22, 24, 25, 36 and 37 which variously depend 
from independent claims 18, 23 and 35 are allowable for at least the same reasons as set forth 
above regarding independent claims 18, 23 and 35. 
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REJECTIONS UNDER 35 U.S.C. § 103 

Claims 18-20 stand rejected under 35 US.c/§ 103(a) as being unpatentable over Payne 
et al., U.S. Patent No. 5,715,3 14 ("Payne") in view of Purpura, U.S. Patent No. 6,421,768 
("Purpura"). Applicants traverse this rejection. 

Specifically, the Examiner asserts that Payne fails to teach "redirecting a user to a host 
' site." The Examiner further asserts that Purpura "provides general teaching for redirecting a user 

to a host site" (page 7, paragraph 2). 

Payne discloses a system for facilitating purchase and payment transactions over a 
network The Payne system includes a buyer computer, a merchant computer and a payment 
computer interconnected over a network. Payne further discloses a buyer selecting a product to 
purchase, wherein the selected product has a correspond^ payment URL. The payment URL 
farther comprises a domain identifier, payment amount, merchant computer identifier, merchant 
account, various timestamps, buyer network address and a payment URL authenticator. Payne 
discloses that the payment URL authenticator is a hash being a defined key shared between the 
merchant and the operator of the payment computer. In other words, the hash itself is irrelevant 
to purchase transaction details in that it only serves to authenticate the payment URL m order to 
ensure that the source of the payment URL is a legitimate merchant. 

Payne discloses a hash (URL authenticator) being encompassed within a grouping of data 
(payment URL). Payne does not disclose a grouping of data (payment URL) being encompassed 
within a hash (URL authenticator). This is an important distinction because according to the 
teaching of Payne, the source of the data may be ensured by verifying the URL authenticator; 
however, the integrity of the data encompassed within the payment URL is not ensured. Thus, 
the Payne reference is limited to providing assurance of the source of data (URL authenticator) 
and does not teach the use of a hash to facilitate the secure submission of a payment request, or 
the use of a hash to identify a transaction account to be charged in a transaction. As such, Payne 
does not disclose or suggest at least, "communicating said secondary transaction number over 
said authenticated communication channel to said merchant, whereui said merchant submits a 
payment request based on said secondary transaction account number" as recited by independent 
claim 18. 
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Applicants assert that dependent claims 19 and 20 depend from independent claim 18 and 
are differentiated from the cited references for at least the same reasons as set forth above, as 
well as in view of their own respective features. 

Claims 21-25 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Payne 
et al., U.S. Patent No. 5,715,314 ("Payne") in view of Purpura, U.S. Patent No. 6,421,768 
("Purpura"), and in further view of Gifford, U.S. Patent No. 5,724,424 ("Gifford"). Applicants 
traverse this rejection. 

Applicants assert that claims 21 and 22 which depend from independent claim 18 and 
independent claim 23 (along with dependent claims 24 and 25) are differentiated from the cited 
references for at least the same reasons as set forth above, as well as in view of their own 
respective features. 

Claims 35-37 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Payne 
et aL, U.S. Patent No. 5,715,314 OTayne") in view of Gifford, U.S. Patent No, 5,724,424 
O'Gifford"). Applicants traverse this rejection. 

Applicants assert that independent claim 35 is differentiated from the cited references for 
at least the same reasons as set forth above in differentiating independent claim 1 8 from the cited 
references. Claims 36 and 37 depend from claim 35 and are differentiated from the cited 
references for at least the same reasons as set forth above, as well as in view of their own 
respective features. 
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In view of the above remarks and amendments,, Applicants respectfully submit that all 
pending claims properly set forth that which Applicants regard as their invention and are 
allowable over the cited references. Accordingly, Applicants respectfully request allowance of 
the pending claims. The Examiner is invited to telephone the undersigned at the Examiner's 
convenience, if that would help further prosecution of the subject Application. Applicants 
authorize and respectfully request that any fees due be charged to Deposit Account No. 19-28 14. 



SNELL & WILMER L.L.P. 

400 E. Van Buren 

One Arizona Center 

Phoenix, Arizona 85004 

Phone: 602-382-6228 

Fax: 602-382-6070 

Email: hsobelman@swlaw.com 
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